WhatsApp, the messaging app owned by Facebook, said on Wednesday (Oct. 10) that the bug that enabled hackers to take over apps when a user answered an incoming video call has been fixed.
According to a Reuters report, WhatsApp's comments that the problem is fixed came after ZDNet and The Register reported the security weakness, which impacted the app on Apple and Android smartphones. The flaw was discovered in August, with Facebook fixing it in the early part of October.
"We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable. We promptly issued a fix to the latest version of WhatsApp to resolve this issue,” Ann Yeh, spokeswoman for WhatsApp, told Reuters in an email. Currently, there are more than 1.2 billion WhatsApp users around the world.
The commentary from WhatsApp comes at a time when its parent, Facebook, has been embroiled in data scandals. Most recently, it announced in late September that roughly 50 million of its users had their data exposed through an attack on its network. Facebook found that attackers were able to take control of user accounts through a function within the platform’s code, The New York Times reported. Following the discovery, Facebook had the vulnerability fixed and reached out to authorities. More than 90 million users had to log out of their accounts as a result of the breach, which has been described as a typical measure taken with comprised accounts.
“We’re taking it really seriously,” Facebook Chief Executive Mark Zuckerberg told reporters in a conference call at the time. “We have a major security effort at the company that hardens all of our surfaces.” He also told reporters, “I’m glad we found this. But it definitely is an issue that this happened in the first place.”
Since then, Facebook has said hackers didn’t access third-party websites with its single sign-on service. According to a report in Reuters earlier in October, citing Facebook, the social media giant said it hasn’t found evidence that the hackers accessed users’ other websites through the Facebook login. “We analyzed third-party access during the time of the attack we have identified. That investigation has found no evidence that the attackers accessed any apps using Facebook logins,” said Guy Rosen, a Facebook vice president overseeing security, in a statement sent to Reuters.